2018 is here. While many of us are a couple of weeks into our New Year’s resolutions, some may have already broken them, or are waiting for “tomorrow” to start them. Some resolutions remain the same and some are filled with new ambitions. Regardless, the only way to keep things moving forward is to start.
The same dynamic applies to the fundamentals of cybersecurity. Perhaps your organization has made a resolution to focus on cybersecurity in 2018. If you haven’t, perhaps you should.
Many healthcare organizations made progress in 2017 and some have yet to start their journey. In cybersecurity, the first step is to conduct a regular risk assessment.
Why are security risk assessments so fundamental?
Risk assessments represent a huge opportunity for organizations to materially shape the future of their cybersecurity posture. When considering the momentum of our adversaries and the rapid rise in breaches, conducting regular risk assessments becomes an increasingly important first step.
Last year, the number of healthcare organizations impacted by a data breach rose for the third consecutive year. According to the Office for Civil Rights, healthcare organizations experienced a seven percent increase in the total number of entities impacted over the prior year. In total, 352 organizations and over 5 million individuals were impacted.
Now, the question on many people’s minds is “How can we strengthen the security posture of our organizations while balancing all the other competing priorities?”
The answer is to focus on the fundamentals:
Conduct a HIPAA- or NIST-based risk analysis
Once completed, make sure you prioritize the findings of the assessment and make progress against your corrective action plan.
Focus the appropriate resources on patching
This is one of the most important actions your organization can take to protect itself against known vulnerabilities. It’s surprising how many healthcare organizations focus on the next advanced threat protection technology but haven’t patched in years.
Organizations around the world learned the importance of patching in 2017 when the WannaCry attack impacted healthcare organizations globally. Patching is simple in principle but complex in practice. Don’t overlook the importance of vulnerability scanning and of executing an effective patch management program.
Educate employees
Have a strategy for educating your employees on the dangers of poor cyber hygiene. End-user training coupled with simulated phishing is ideal. These programs are relatively inexpensive and can have a major impact on your security posture.
Protecting your organization is a journey that requires constant attention and never ends.